Reaver implements a brute force attack against Wifi Protected Setup
(WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as
described in:
http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf.

Reaver has been designed to be a robust and practical attack against
WPS, and has been tested against a wide variety of access points and
WPS implementations.

On average Reaver will recover the target AP's plain text WPA/WPA2
passphrase in 4-10 hours, depending on the AP. In practice, it will
generally take half this time to guess the correct WPS pin and recover
the passphrase.
